In this video, learn to perform sign in in native apps using ADAL.
- [Instructor] At this point, your application registration is in place. And you've created the basic user interface for your WPF graph application. And you've added necessary NuGet packages. Now, let's use this to start writing some sign-in/sign-out code. Let's start with sign-in first. So at the very top, I'm going to add some using statements. We will use this during this project. Next, let's scroll down to the main window class.
And, here, I'm going to go ahead and create some class-level variables which I need to reference throughout the class. Note that there are things here that you should be already quite familiar with. My tenancy, the clientId of the application. The curious part here is this redirectUri. Why is it http something? I thought we were working in a native client application. Well, yeah, we are, but the way this works is that the browser window that'll pop open, hosted by our native app, and when it performs authentication, Azure AD will redirect you to this native uri.
Now it looks like http something, but that's okay, because it now will simply watch for that redirect and when that redirect happens to that url, it'll close that browser window. So it knows that that is when the authentication has finished. Technically, that could be http something. It really doesn't matter what you put in there. But, when you talk about, say, universal windows apps, then for security reasons, they sort of tie you down to the format of what that url needs to look like.
However, iOS or Android or, certainly, desktop applications it could literally be anything. Okay. Now inside the constructor here, let's go ahead and create the authority just like before. And, I'm going to create an authentication context. This authentication context class is what helps me perform authentication. And notice that it is asking for authority and what they call is a token cache.
And I've pointed it to a file cache that currently doesn't exist. We'll write that shortly, but let me explain the purpose of this token cache. Token cache is actually quite simple. The only purpose of it is to allow you to store tokens securely. And ADAL JS gives you the ability to create your own token cache, and we'll do that shortly. And this token cache will allow us to use whatever encryption we desire to be able to store these tokens.
Maybe you won't even store these tokens away from the user in a shared store somewhere. Maybe it's a server-based application, like a web-based application. But, in this case, it's a desktop-based application. So we'll probably store it on the disk, but, it gives us control on how we want to encrypt those tokens and so on and so forth. We'll write that token cache shortly. But, for now, just leave it as is. Now let's go to the signInButton_Click function. The signInButton_Click function is what gets called when the user clicks Sign in.
So here, I'm going to actually perform the sign-in code. And the sign-in code looks quite simple. It says, platformParams = new PlatformParameters(PromptBehavior.Always). Basically we're telling ADAL that you want to prompt the user at this point for credentials. So you have various choices over here. Instead of PromptBehavior.Always, you could say Auto as in if there is a refresh token then use it automatically. Never, don't show the login dialogue.
Just use the Refresh token. Or you will Refresh the Session. Maybe the user has already signed in and you just want to refresh it. Multiple Accounts. You want the user to be able to select what account they want to pick. This is actually a good improvement in ADAL. This wasn't there earlier. But imagine that on the same desktop I sign into multiple Office 365 tenancies, this will allow me to select account. So it's very configurable. It's very nice. And then I say AcquireTokenAsync and what that means, is go ahead and acquire the token, but based on this, we're actually going to prompt the user for credentials and then, once the sign-in occurs, then change the sign-in button text to Sign out, because up here I'm going to write some code shortly, when we check for this button text and that is how we know whether the user is signed-in or signed-out and then we can sort of trigger the sign-out logic instead of sign-in.
And since I've put in await over here, let me go ahead and also write async in the front and save this file. So, this completes my sign-in logic with the exception of this file cache, like how are we going to manage the actual tokens. So let's focus on that next.
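The sign-in handler the narration walks through, written out as an added example; it is not the instructor's code. The tenant, client ID and redirect URI are placeholders, the button name `signInButton` and the Graph resource URI are assumptions, and ADAL's in-memory `TokenCache` stands in for the file cache the course writes later.

```csharp
using System;
using System.Windows;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

public partial class MainWindow : Window
{
    // Placeholders: substitute the values from your own app registration.
    private const string Tenant = "contoso.onmicrosoft.com";
    private const string ClientId = "00000000-0000-0000-0000-000000000000";
    // Must match the redirect URI registered for the native app. ADAL watches the
    // hosted browser for navigation to this URI and then closes the window.
    private static readonly Uri RedirectUri = new Uri("http://localhost/placeholder-redirect");
    // Assumption: tokens are requested for Microsoft Graph.
    private const string GraphResource = "https://graph.microsoft.com";

    private readonly AuthenticationContext authContext;

    public MainWindow()
    {
        InitializeComponent();
        string authority = "https://login.microsoftonline.com/" + Tenant;
        // Assumption: the in-memory cache replaces the encrypted file cache,
        // so tokens are gone when the process exits.
        authContext = new AuthenticationContext(authority, new TokenCache());
    }

    private async void signInButton_Click(object sender, RoutedEventArgs e)
    {
        // Always: show the credential prompt even if a cached token exists.
        var platformParams = new PlatformParameters(PromptBehavior.Always);
        try
        {
            AuthenticationResult result = await authContext.AcquireTokenAsync(
                GraphResource, ClientId, RedirectUri, platformParams);
            // Keep result.AccessToken out of logs and UI; it is a bearer credential.
            signInButton.Content = "Sign out";
            Title = "Signed in as " + result.UserInfo.DisplayableId;
        }
        catch (AdalException ex) when (ex.ErrorCode == AdalError.AuthenticationCanceled)
        {
            // The user closed the sign-in window; stay signed out.
        }
        catch (AdalException ex)
        {
            // Show the error code only, not the full exception or any token data.
            MessageBox.Show("Sign-in failed: " + ex.ErrorCode);
        }
    }
}
```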